We provide ISO/IEC 27001:2013 pre-certification assessments and accredited certifications, utilising the framework required in the ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015 standards. If you are considering the ISO/IEC 27001:2013 certification, looking to transfer your existing certification, or would like to engage in further discussion around this service offering, please contact us.

The process follows several stages as described below.

  1. Application review

    Once eCOGRA has reviewed and approved your application for ISO/IEC 27001:2013 certification, the scope, timing, and deliverables of our services, as well as the rights and obligations of both parties are documented prior to the commencement of any audit or certification services. We shall then appoint a qualified and competent audit team leader who will guide you and your company through the following steps:

  2. Pre-certification assessment (optional)

    This is an optional assessment which happens prior to the formal ISO/IEC 27001:2013 certification audit. The purpose of this assessment is to take a closer look at your existing ISMS and compare it with the requirements of ISO/IEC 27001:2013. The assessment will assist in identifying any non-conformities, allowing your organisation enough time to address those prior to starting the formal certification audit, saving you time and money. In addition, the assessment gives your staff an opportunity to gain a better understanding of what the formal certification audit will entail, so that they are better prepared for it.

  3. Certification audit

    The initial certification audit consists of two stages.

    • Initial Certification - Stage 1 Audit

      The first stage, often performed onsite at the client location, reviews your organisation’s readiness for the main assessment by checking whether the necessary ISO/IEC 27001:2013 documents and management system requirements have been met from a design and implementation perspective. If all the requirements are met, we will then proceed to the stage two audit.

    • Initial Certification - Stage 2 Audit

      The second stage of the initial certification audit includes in-depth testing to assess the operating effectiveness of your management system and the design, implementation, and operating effectiveness of the implemented controls. This stage is performed onsite at the client location, or at multiple locations if required by the scope of the ISMS. At the end of the Stage 2 Audit, as part of the recommendation for certification, the lead auditor will provide details of any non-conformities identified that will need to be addressed before certification can be provided.

    Following the stage two audit, eCOGRA’s Certification Committee shall decide whether to grant certification based on a review of the work performed and the lead auditor’s recommendation.

  4. Certification and beyond

    Once you have met all the requirements to pass the certification audit, you will receive an eCOGRA ISO/IEC 27001:2013 certificate, certification logos and the associated rules. Certification is valid for a 3-year period and is subject to annual surveillance audits.

    • Surveillance Audit Stage

      Surveillance audits are required to be completed annually and entail a risk-based onsite review to determine if any significant or relevant changes have been made to the ISMS, as well as limited scope testing to ensure that your ISMS maintains compliance with the standard and continually improves.

    • Re-Certification Stage

      Before the expiry of the three-year certification term and in subsequent cycles, full re-certification audits will be performed by eCOGRA to ensure continuity of your certification. The scope of this review and audit will depend on the findings of the surveillance audits and information determined in Stage 1 of the re-certification review.